Issue only access/permissions

We have a private org with multiple private repos and teams with 15-20 people on it in total, half of them are devs, the other half is marketing, sales, support.

Software developers should have access to the code/issues/etc... the usual stuff...

People in the marketing, sales and support should have access only to issues. Meaning I want them to be able to create/update/comment/follow issues, but they should NOT have access to our code, because they don't need it to do their job - this is adding an unnecessary security concern.

I know that right now there is only read/write roles, but that includes access to our code.

Re: Issue only access/permissions

Thanks for this feedback! We're always working to improve GitHub, and we consider every suggestion we receive. I've logged your feature request in our internal feature request list. Though I can't guarantee anything or share a timeline for this, I can tell you that it's been shared with the appropriate teams for consideration.

Please let me know if you have any other questions.

Cheers!

Mark helpful posts with Accept as Solution to help other users locate important info. Don't forget to give Kudos for great content!

Re: Issue only access/permissions

I have a similar issue and i'm discouraged because that's the same thing every customer rep of any dev company says. The problem is it's the text book thing to say because it's safe since that doesn't mean the issue will get fixed.

Re: Issue only access/permissions

Thank you for sharing that feedback. I completely understand your feelings here, and I hope I can help a little bit.

First, I want to assure you that we really do share this feedback with the appropriate teams. We log and track that feedback internally. You're right in that we can't guarantee anything or share timelines for individual feature requests, but we do look at each and every one of them and consider them seriously.

Second, I would highly recommend watching our changelog for the most up-to-date info on new features being added to GitHub. This is the best way to get the quickest info on updates and changes to GitHub, and we keep it very current.

I know this reply doesn't include any details or specifics on when or if we might be able to implement this specific feature, but I wanted to acknowledge your concern shared here, reaffirm that we will definitely share this feedback, and share the changelog link with you.

Mark helpful posts with Accept as Solution to help other users locate important info. Don't forget to give Kudos for great content!

Re: Issue only access/permissions

Currently, RSS is the only way to watch the changelog. However, it's a relatively new feature, so it's possible that we'll incorporate new ways to follow in the future. I'll pass your recommendation on to our product team for consideration.

Re: Issue only access/permissions

Are there any workarounds for this? A 3rd party app perhaps? We used waffle.io before moving to github projects, but that still requires you to have full access to the github account in order to be able to use it.

Re: Issue only access/permissions

The best workarounds for this use protected branches or CODEOWNERS files to prevent modification of code by people who shouldn't be able to modify it. If you wanted to use a machine user to create an app with access to issues on a repository only, you could also do that.

Re: Issue only access/permissions

Also needed by us. The best would be, if people who are only having a Issue only Access to Repositorys, don't count as team member. Because in our company, the people with issue only access are often clients from us. The benefit, is they can always see how their project is going